[geeklog-devel] Re: [geeklog-announce] Geeklog 1.3.8-1sr4 and 1.3.7sr5 security updates
dirk at haun-online.de
Mon Jan 26 17:08:02 EST 2004
>How much longer do you plan on support 1.3.7?
I would prefer to drop it sooner rather than later (getting some of the
new fixes into the old code was a bit of a pain). If it weren't for me
running a 1.3.7 site myself ...
Once 1.3.9 is finally out, that will certainly be the end of the 1.3.7
>On that same note what is the progress with 1.3.9. Are there any areas
>where you could use help getting the release out. I know you mailed a
>summary of things needed for 1.3.9 a couple months ago, what is the
>status of those?
There's that tedious bit of work of having to review each and every
parameter that's passed in a POST or GET and applying COM_applyFilter to
it. I've already decided to leave the admin/*.php files for later. The
files in public_html are mostly done, although usersettings.php and
calendar.php are only half done and I haven't even started on the search
(i.e. actually the search class, as search.php doesn't include much code
And while reviewing the code, I keep finding little oddities and bugs
(two of which are fixed in today's security release). E.g. when deleting
a user, we leave quite a few things orphaned, i.e. with an owner_id that
doesn't exist any more (links, events, blocks, ...).
I also have an ever-increasing list of tiny "it would be extremely nice
to have" things - I guess I just have to cut short that list and try to
get through with the above.
More information about the geeklog-devel